DETAILED ACTION



Claims 1-8 are pending. 



Specification 



2. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. 



Claim Rejections - 35 USC § 102

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language.

4. Claim 1 is rejected under 35 U.S.C. 102(e) as being anticipated by Redlich US
Patent No 6,591,306.

5. With regards to claim 1, Redlich discloses a system for IP network access for
portable devices in which he teaches a transport entity for providing transport services
(Redlich, column 25 lines 3-7 and lines 29-31), a security entity logically positioned
above the transport entity and operative to set up secure communications sessions with
peer security entities in other systems for the passing of application messages in PDUs
(Redlich, column 25 lines 54-59), the security entity including a tunneling mechanism for
establishing a tunnel through an access-controlling intermediate system whereby to
enable the local application entity to exchange application messages securely with a
remote application entity on another system reachable via the intermediate system
(Redlich, Figures 9 and 11, column 25 lines 19-42, column 26 lines 1-11), the tunneling
mechanism establishing this tunnel by first setting up a first security session with the
intermediate system and then a nested second security session with another system
with PDUs associated with the second session being encapsulated within PDUs
associated with the first session (Redlich, column 25 line 54 - column 26 line 11) and
being extracted by the intermediate system for sending to another system (Redlich,
column 21 lines 42-57), and each PDU having a message-type field by which the
security entity in the intermediate system can determine whether a PDU it receives
encapsulates a PDU to be extracted and sent on (Redlich, column 21 lines 22-33,
column 25 lines 27-32).

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Application/Control Number: 09/733,475 Page 4 

Art Unit: 2134 

7. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich 
Patent No 6,591,306 in view of Kirby et al US Patent No 5,898,784.

8. With regards to claim 6, Redlich, as described above, fails to teach the
destination address being modifiable. Kirby teaches each PDU having a destination 
address that is modifiable without invalidating any security processing applied 
specifically to that PDU whereby the intermediate system can redirect PDUs that are 
indicated by the message type of an encapsulating PDU as intended for sending on 
(Kirby, column 6 lines 17-25). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Kirby's method of modifying 
destination addresses because it offers the advantage of allowing the routing of packets 
to the correct destination system depending on the tunnel over which it was sent (Kirby, 
column 2 lines 51-55). 

9. Claims 3-5 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Redlich US Patent No 6,591,306 in view of Subramaniam et al US Patent No 
6,081,900. 

10. With regards to claims 3 and 7, Redlich as described above, fails to teach the 
establishment of a security session effected through a handshake process by showing 
certificates exchanged between the security entities. Subramaniam teaches the 
establishment of a security session effected through a handshake process between 
security entities during which each application entity involved is required to show by 
attribute certificates that it possesses certain attributes required of it by the other 
application entity (Subramaniam, column 12 lines 19-46). At the time the invention was
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Subramaniam's method of using certificates for authentication because it offers the 
advantage of providing a method for a client to have convenient, efficient, and secure 
access to data stored within a secure network (Subramaniam, column 3 lines 1-6). 

11. With regards to claims 4-5 and 8, Redlich as described above, fails to teach a
remote broker system running a broker application that fronts for a target application 
entity. Subramaniam teaches a remote broker system running a broker application that 
fronts for a target application entity (Subramaniam, column 6 lines 61-64), the security 
entity being initially operative to seek to establish a security session with the broker 
application as the target application entity requiring of the broker application attributes
considered by the local application entity as appropriate for the target application 
(Subramaniam, column 10 lines 36-62), the broker application responding by causing its 
associated security entity to return as part of its handshake with the security entity of the 
local application an indication that the broker application is a relay for the target 
application entity (Subramaniam, column 10 lines 36-62), the local application entity 
being operative to decide whether to request a tunnel be set up through the broker 
system by the tunneling mechanism and if so what requirements must now be met by 
the broker application (Subramaniam, column 10 line 62 - column 11 line 2). At the
time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to utilize Subramaniam's broker application because it offers the advantage of 
providing secure access to a secure intranet (Subramaniam, column 3 lines 11-18) 
through a broker that is versatile depending on the security needs of the local
application entity (Subramaniam, column 3 line 52 - column 4 line 4). 

12. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich 
Patent No 6,591,306 in view of Brueckheimer et al US Patent No 6,574,224. Redlich,
as modified and described above, fails to teach the tunneling mechanism capable of 
setting up multiply nested security sessions. Brueckheimer discloses a system for 
processing communications traffic in which he teaches a tunneling mechanism capable 
of setting up multiply nested security sessions through a corresponding number of
intermediate systems (Brueckheimer, column 6 lines 41-46). At the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to utilize 
Brueckheimer's method of nesting security sessions across multiple intermediate 
systems because it offers the advantage of helping reduce latency by providing a method
of establishing tunnels across a wide variety of systems in an integrated network
(Brueckheimer, column 1 lines 8-26 and column 2 lines 3-40). 

Conclusion 

13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

14. Loehndorf, Jr et al US Patent No 6,094,437 teaches a layer two tunneling 
protocol merging and management system. 

15. Naudus et al US Patent No 6,292,839 teaches a method and system for reflexive
tunneling. 

16. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Andrew L Nalven whose telephone number is 703 305 
8407. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on 703 308 4789. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 